<?xml version="1.0" encoding="iso-8859-1" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
  <head>
    <meta http-equiv="Content-Type" content=
    "application/xhtml+xml; charset=iso-8859-1" />
    <title>
      MIT Kerberos V5-1.18
    </title>
    <link rel="stylesheet" type="text/css" href="../stylesheets/lfs.css" />
    <meta name="generator" content="DocBook XSL Stylesheets V1.79.1" />
    <link rel="stylesheet" href="../stylesheets/lfs-print.css" type=
    "text/css" media="print" />
  </head>
  <body class="blfs" id="blfs-9.1">
    <div class="navheader">
      <h4>
        Beyond Linux<sup>�</sup> From Scratch <span class="phrase">(System
        V</span> Edition) - Version 9.1
      </h4>
      <h3>
        Chapter&nbsp;4.&nbsp;Security
      </h3>
      <ul>
        <li class="prev">
          <a accesskey="p" href="libpwquality.html" title=
          "libpwquality-1.4.2">Prev</a>
          <p>
            libpwquality-1.4.2
          </p>
        </li>
        <li class="next">
          <a accesskey="n" href="nettle.html" title="Nettle-3.5.1">Next</a>
          <p>
            Nettle-3.5.1
          </p>
        </li>
        <li class="up">
          <a accesskey="u" href="security.html" title=
          "Chapter&nbsp;4.&nbsp;Security">Up</a>
        </li>
        <li class="home">
          <a accesskey="h" href="../index.html" title=
          "Beyond Linux� From Scratch     (System V Edition) - Version 9.1">Home</a>
        </li>
      </ul>
    </div>
    <div class="sect1" lang="en" xml:lang="en">
      <h1 class="sect1">
        <a id="mitkrb" name="mitkrb"></a>MIT Kerberos V5-1.18
      </h1>
      <div class="package" lang="en" xml:lang="en">
        <h2 class="sect2">
          Introduction to MIT Kerberos V5
        </h2>
        <p>
          <span class="application">MIT Kerberos V5</span> is a free
          implementation of Kerberos 5. Kerberos is a network authentication
          protocol. It centralizes the authentication database and uses
          kerberized applications to work with servers or services that
          support Kerberos allowing single logins and encrypted communication
          over internal networks or the Internet.
        </p>
        <p>
          This package is known to build and work properly using an LFS-9.1
          platform.
        </p>
        <h3>
          Package Information
        </h3>
        <div class="itemizedlist">
          <ul class="compact">
            <li class="listitem">
              <p>
                Download (HTTP): <a class="ulink" href=
                "https://kerberos.org/dist/krb5/1.18/krb5-1.18.tar.gz">https://kerberos.org/dist/krb5/1.18/krb5-1.18.tar.gz</a>
              </p>
            </li>
            <li class="listitem">
              <p>
                Download MD5 sum: 69a5b165dac5754a5094627ee6df0def
              </p>
            </li>
            <li class="listitem">
              <p>
                Download size: 8.3 MB
              </p>
            </li>
            <li class="listitem">
              <p>
                Estimated disk space required: 142 MB (add 25 MB for tests)
              </p>
            </li>
            <li class="listitem">
              <p>
                Estimated build time: 0.8 SBU (add 4.2 SBU for tests)
              </p>
            </li>
          </ul>
        </div>
        <h3>
          MIT Kerberos V5 Dependencies
        </h3>
        <h4>
          Optional
        </h4>
        <p class="optional">
          <a class="xref" href="../general/dejagnu.html" title=
          "DejaGnu-1.6.2">DejaGnu-1.6.2</a> (for full test coverage),
          <a class="xref" href="gnupg.html" title=
          "GnuPG-2.2.19">GnuPG-2.2.19</a> (to authenticate the package),
          <a class="xref" href="../general/keyutils.html" title=
          "keyutils-1.6.1">keyutils-1.6.1</a>, <a class="xref" href=
          "../server/openldap.html" title=
          "OpenLDAP-2.4.49">OpenLDAP-2.4.49</a>, <a class="xref" href=
          "../basicnet/rpcbind.html" title="rpcbind-1.2.5">rpcbind-1.2.5</a>
          (used during the testsuite), <a class="xref" href=
          "../general/valgrind.html" title=
          "Valgrind-3.15.0">Valgrind-3.15.0</a> (used during the testsuite),
          <a class="ulink" href=
          "https://www.cs.utah.edu/~bigler/code/libedit.html">libedit</a>,
          <a class="ulink" href="https://cmocka.org/">cmocka</a>, <a class=
          "ulink" href="https://pypi.org/project/pyrad/">pyrad</a>, and
          <a class="ulink" href=
          "https://cwrap.org/resolv_wrapper.html">resolv_wrapper</a>
        </p>
        <div class="admon note">
          <img alt="[Note]" src="../images/note.png" />
          <h3>
            Note
          </h3>
          <p>
            Some sort of time synchronization facility on your system (like
            <a class="xref" href="../basicnet/ntp.html" title=
            "ntp-4.2.8p13">ntp-4.2.8p13</a>) is required since Kerberos won't
            authenticate if there is a time difference between a kerberized
            client and the KDC server.
          </p>
        </div>
        <p class="usernotes">
          User Notes: <a class="ulink" href=
          "http://wiki.linuxfromscratch.org/blfs/wiki/mitkrb">http://wiki.linuxfromscratch.org/blfs/wiki/mitkrb</a>
        </p>
      </div>
      <div class="installation" lang="en" xml:lang="en">
        <h2 class="sect2">
          Installation of MIT Kerberos V5
        </h2>
        <p>
          Build <span class="application">MIT Kerberos V5</span> by running
          the following commands:
        </p>
        <pre class="userinput">
<kbd class="command">cd src &amp;&amp;
 
sed -i -e 's@\^u}@^u cols 300}@' tests/dejagnu/config/default.exp     &amp;&amp;
sed -i -e '/eq 0/{N;s/12 //}'    plugins/kdb/db2/libdb2/test/run.test &amp;&amp;

./configure --prefix=/usr            \
            --sysconfdir=/etc        \
            --localstatedir=/var/lib \
            --with-system-et         \
            --with-system-ss         \
            --with-system-verto=no   \
            --enable-dns-for-realm &amp;&amp;
make</kbd>
</pre>
        <p>
          To test the build, issue as the <code class=
          "systemitem">root</code> user: <span class="command"><strong>make
          -k check</strong></span>. You need at least <a class="xref" href=
          "../general/tcl.html" title="Tcl-8.6.10">Tcl-8.6.10</a>, which is
          used to drive the testsuite. Furthermore, <a class="xref" href=
          "../general/dejagnu.html" title="DejaGnu-1.6.2">DejaGnu-1.6.2</a>
          must be available for some of the tests to run. If you have a
          former version of MIT Kerberos V5 installed, it may happen that the
          test suite pick up the installed versions of the libraries, rather
          than the newly built ones. If so, it is better to run the tests
          after the installation.
        </p>
        <p>
          Now, as the <code class="systemitem">root</code> user:
        </p>
        <pre class="root">
<kbd class="command">make install &amp;&amp;

for f in gssapi_krb5 gssrpc k5crypto kadm5clnt kadm5srv \
         kdb5 kdb_ldap krad krb5 krb5support verto ; do

    find /usr/lib -type f -name "lib$f*.so*" -exec chmod -v 755 {} \;    
done          &amp;&amp;

mv -v /usr/lib/libkrb5.so.3*        /lib &amp;&amp;
mv -v /usr/lib/libk5crypto.so.3*    /lib &amp;&amp;
mv -v /usr/lib/libkrb5support.so.0* /lib &amp;&amp;

ln -v -sf ../../lib/libkrb5.so.3.3        /usr/lib/libkrb5.so        &amp;&amp;
ln -v -sf ../../lib/libk5crypto.so.3.1    /usr/lib/libk5crypto.so    &amp;&amp;
ln -v -sf ../../lib/libkrb5support.so.0.1 /usr/lib/libkrb5support.so &amp;&amp;

mv -v /usr/bin/ksu /bin &amp;&amp;
chmod -v 755 /bin/ksu   &amp;&amp;

install -v -dm755 /usr/share/doc/krb5-1.18 &amp;&amp;
cp -vfr ../doc/*  /usr/share/doc/krb5-1.18</kbd>
</pre>
      </div>
      <div class="commands" lang="en" xml:lang="en">
        <h2 class="sect2">
          Command Explanations
        </h2>
        <p>
          The first sed increases the width of the virtual terminal used for
          some tests to prevent some spurious text in the output which is
          taken as a failure. The second <span class=
          "command"><strong>sed</strong></span> removes a test that is known
          to fail.
        </p>
        <p>
          <em class="parameter"><code>--localstatedir=/var/lib</code></em>:
          This option is used so that the Kerberos variable run-time data is
          located in <code class="filename">/var/lib</code> instead of
          <code class="filename">/usr/var</code>.
        </p>
        <p>
          <em class="parameter"><code>--with-system-et</code></em>: This
          switch causes the build to use the system-installed versions of the
          error-table support software.
        </p>
        <p>
          <em class="parameter"><code>--with-system-ss</code></em>: This
          switch causes the build to use the system-installed versions of the
          subsystem command-line interface software.
        </p>
        <p>
          <em class="parameter"><code>--with-system-verto=no</code></em>:
          This switch fixes a bug in the package: it does not recognize its
          own verto library installed previously. This is not a problem, if
          reinstalling the same version, but if you are updating, the old
          library is used as system's one, instead of installing the new
          version.
        </p>
        <p>
          <em class="parameter"><code>--enable-dns-for-realm</code></em>:
          This switch allows realms to be resolved using the DNS server.
        </p>
        <p>
          <code class="option">--with-ldap</code>: Use this switch if you
          want to compile the <span class="application">OpenLDAP</span>
          database backend module.
        </p>
        <p>
          <span class="command"><strong>mv -v /usr/lib/libk...
          /lib</strong></span> and <span class="command"><strong>ln -v -sf
          ../../lib/libk... /usr/lib/libk...</strong></span>: Move critical
          libraries to the <code class="filename">/lib</code> directory so
          that they are available when the <code class="filename">/usr</code>
          filesystem is not mounted.
        </p>
        <p>
          <span class="command"><strong>find /usr/lib -type f -name
          "lib$f*.so*" -exec chmod -v 755 {} \;</strong></span>: This command
          changes the permisison of installed libraries.
        </p>
        <p>
          <span class="command"><strong>mv -v /usr/bin/ksu
          /bin</strong></span>: Moves the <span class=
          "command"><strong>ksu</strong></span> program to the <code class=
          "filename">/bin</code> directory so that it is available when the
          <code class="filename">/usr</code> filesystem is not mounted.
        </p>
      </div>
      <div class="configuration" lang="en" xml:lang="en">
        <h2 class="sect2">
          Configuring MIT Kerberos V5
        </h2>
        <div class="sect3" lang="en" xml:lang="en">
          <h3 class="sect3">
            <a id="krb5-config" name="krb5-config"></a>
          </h3>
          <h4 class="title">
            <a id="krb5-config" name="krb5-config"></a>Config Files
          </h4>
          <p>
            <code class="filename">/etc/krb5.conf</code> and <code class=
            "filename">/var/lib/krb5kdc/kdc.conf</code>
          </p>
        </div>
        <div class="sect3" lang="en" xml:lang="en">
          <h3 class="sect3"></h3>
          <h4 class="title">
            <a id="idm45779284562848" name=
            "idm45779284562848"></a>Configuration Information
          </h4>
          <div class="sect4">
            <div class="titlepage">
              <div>
                <div>
                  <h5 class="title">
                    <a id="idm45779284562160" name=
                    "idm45779284562160"></a>Kerberos Configuration
                  </h5>
                </div>
              </div>
            </div>
            <div class="admon tip">
              <img alt="[Tip]" src="../images/tip.png" />
              <h3>
                Tip
              </h3>
              <p>
                You should consider installing some sort of password checking
                dictionary so that you can configure the installation to only
                accept strong passwords. A suitable dictionary to use is
                shown in the <a class="xref" href="cracklib.html" title=
                "CrackLib-2.9.7">CrackLib-2.9.7</a> instructions. Note that
                only one file can be used, but you can concatenate many files
                into one. The configuration file shown below assumes you have
                installed a dictionary to <code class=
                "filename">/usr/share/dict/words</code>.
              </p>
            </div>
            <p>
              Create the Kerberos configuration file with the following
              commands issued by the <code class="systemitem">root</code>
              user:
            </p>
            <pre class="root">
<kbd class="command">cat &gt; /etc/krb5.conf &lt;&lt; "EOF"
<code class="literal"># Begin /etc/krb5.conf

[libdefaults]
    default_realm = <em class=
"replaceable"><code>&lt;EXAMPLE.ORG&gt;</code></em>
    encrypt = true

[realms]
    <em class="replaceable"><code>&lt;EXAMPLE.ORG&gt;</code></em> = {
        kdc = <em class=
"replaceable"><code>&lt;belgarath.example.org&gt;</code></em>
        admin_server = <em class=
"replaceable"><code>&lt;belgarath.example.org&gt;</code></em>
        dict_file = /usr/share/dict/words
    }

[domain_realm]
    .<em class=
"replaceable"><code>&lt;example.org&gt;</code></em> = <em class=
"replaceable"><code>&lt;EXAMPLE.ORG&gt;</code></em>

[logging]
    kdc = SYSLOG:INFO:AUTH
    admin_server = SYSLOG:INFO:AUTH
    default = SYSLOG:DEBUG:DAEMON

# End /etc/krb5.conf</code>
EOF</kbd>
</pre>
            <p>
              You will need to substitute your domain and proper hostname for
              the occurrences of the <em class=
              "replaceable"><code>&lt;belgarath&gt;</code></em> and
              <em class="replaceable"><code>&lt;example.org&gt;</code></em>
              names.
            </p>
            <p>
              <code class="option">default_realm</code> should be the name of
              your domain changed to ALL CAPS. This isn't required, but both
              <span class="application">Heimdal</span> and MIT recommend it.
            </p>
            <p>
              <code class="option">encrypt = true</code> provides encryption
              of all traffic between kerberized clients and servers. It's not
              necessary and can be left off. If you leave it off, you can
              encrypt all traffic from the client to the server using a
              switch on the client program instead.
            </p>
            <p>
              The <code class="option">[realms]</code> parameters tell the
              client programs where to look for the KDC authentication
              services.
            </p>
            <p>
              The <code class="option">[domain_realm]</code> section maps a
              domain to a realm.
            </p>
            <p>
              Create the KDC database:
            </p>
            <pre class="root">
<kbd class="command">kdb5_util create -r <em class=
"replaceable"><code>&lt;EXAMPLE.ORG&gt;</code></em> -s</kbd>
</pre>
            <p>
              Now you should populate the database with principals (users).
              For now, just use your regular login name or <code class=
              "systemitem">root</code>.
            </p>
            <pre class="root">
<kbd class="command">kadmin.local
<code class="prompt">kadmin.local:</code> add_policy dict-only
<code class=
"prompt">kadmin.local:</code> addprinc -policy dict-only <em class=
"replaceable"><code>&lt;loginname&gt;</code></em></kbd>
</pre>
            <p>
              The KDC server and any machine running kerberized server
              daemons must have a host key installed:
            </p>
            <pre class="root">
<kbd class="command"><code class=
"prompt">kadmin.local:</code> addprinc -randkey host/<em class=
"replaceable"><code>&lt;belgarath.example.org&gt;</code></em></kbd>
</pre>
            <p>
              After choosing the defaults when prompted, you will have to
              export the data to a keytab file:
            </p>
            <pre class="root">
<kbd class="command"><code class=
"prompt">kadmin.local:</code> ktadd host/<em class=
"replaceable"><code>&lt;belgarath.example.org&gt;</code></em></kbd>
</pre>
            <p>
              This should have created a file in <code class=
              "filename">/etc</code> named <code class=
              "filename">krb5.keytab</code> (Kerberos 5). This file should
              have 600 (<code class="systemitem">root</code> rw only)
              permissions. Keeping the keytab files from public access is
              crucial to the overall security of the Kerberos installation.
            </p>
            <p>
              Exit the <span class="command"><strong>kadmin</strong></span>
              program (use <span class="command"><strong>quit</strong></span>
              or <span class="command"><strong>exit</strong></span>) and
              return back to the shell prompt. Start the KDC daemon manually,
              just to test out the installation:
            </p>
            <pre class="root">
<kbd class="command">/usr/sbin/krb5kdc</kbd>
</pre>
            <p>
              Attempt to get a ticket with the following command:
            </p>
            <pre class="userinput">
<kbd class="command">kinit <em class=
"replaceable"><code>&lt;loginname&gt;</code></em></kbd>
</pre>
            <p>
              You will be prompted for the password you created. After you
              get your ticket, you can list it with the following command:
            </p>
            <pre class="userinput">
<kbd class="command">klist</kbd>
</pre>
            <p>
              Information about the ticket should be displayed on the screen.
            </p>
            <p>
              To test the functionality of the keytab file, issue the
              following command as the <code class="systemitem">root</code>
              user:
            </p>
            <pre class="root">
<kbd class="command">ktutil
<code class="prompt">ktutil:</code> rkt /etc/krb5.keytab
<code class="prompt">ktutil:</code> l</kbd>
</pre>
            <p>
              This should dump a list of the host principal, along with the
              encryption methods used to access the principal.
            </p>
            <p>
              At this point, if everything has been successful so far, you
              can feel fairly confident in the installation and configuration
              of the package.
            </p>
          </div>
          <div class="sect4">
            <div class="titlepage">
              <div>
                <div>
                  <h5 class="title">
                    <a id="idm45779284516768" name=
                    "idm45779284516768"></a>Additional Information
                  </h5>
                </div>
              </div>
            </div>
            <p>
              For additional information consult the <a class="ulink" href=
              "http://web.mit.edu/kerberos/www/krb5-1.18/#documentation">documentation
              for krb5-1.18</a> on which the above instructions are based.
            </p>
          </div>
        </div>
        <div class="sect3" lang="en" xml:lang="en">
          <h3 class="sect3">
            <a id="mitkrb-init" name="mitkrb-init"></a>
          </h3>
          <h4 class="title">
            <a id="mitkrb-init" name="mitkrb-init"></a><span class=
            "phrase">Init Script</span>
          </h4>
          <p>
            If you want to start <span class="application">Kerberos</span>
            services at boot, install the <code class=
            "filename">/etc/rc.d/init.d/krb5</code> init script included in
            the <a class="xref" href="../introduction/bootscripts.html"
            title="BLFS Boot Scripts">blfs-bootscripts-20191204</a> package
            using the following command:
          </p>
          <pre class="root">
<kbd class="command">make install-krb5</kbd>
</pre>
        </div>
      </div>
      <div class="content" lang="en" xml:lang="en">
        <h2 class="sect2">
          Contents
        </h2>
        <div class="segmentedlist">
          <div class="seglistitem">
            <div class="seg">
              <strong class="segtitle">Installed Programs:</strong>
              <span class="segbody">gss-client, gss-server, k5srvutil,
              kadmin, kadmin.local, kadmind, kdb5_ldap_util (optional),
              kdb5_util, kdestroy, kinit, klist, kpasswd, kprop, kpropd,
              kproplog, krb5-config, krb5-send-pr, krb5kdc, ksu, kswitch,
              ktutil, kvno, sclient, sim_client, sim_server, sserver,
              uuclient, and uuserver</span>
            </div>
            <div class="seg">
              <strong class="segtitle">Installed Libraries:</strong>
              <span class="segbody">libgssapi_krb5.so, libgssrpc.so,
              libk5crypto.so, libkadm5clnt_mit.so, libkadm5clnt.so,
              libkadm5srv_mit.so, libkadm5srv.so, libkdb_ldap.so (optional),
              libkdb5.so, libkrad.so, libkrb5.so, libkrb5support.so,
              libverto.so, and some plugins under the /usr/lib/krb5
              tree</span>
            </div>
            <div class="seg">
              <strong class="segtitle">Installed Directories:</strong>
              <span class="segbody">/usr/include/{gssapi,gssrpc,kadm5,krb5},
              /usr/lib/krb5, /usr/share/{doc/krb5-1.18,examples/krb5},
              /var/lib/krb5kdc, and /run/krb5kdc</span>
            </div>
          </div>
        </div>
        <div class="variablelist">
          <h3>
            Short Descriptions
          </h3>
          <table border="0" class="variablelist">
            <colgroup>
              <col align="left" valign="top" />
              <col />
            </colgroup>
            <tbody>
              <tr>
                <td>
                  <p>
                    <a id="gss-client" name="gss-client"></a><span class=
                    "term"><span class=
                    "command"><strong>gss-client</strong></span></span>
                  </p>
                </td>
                <td>
                  <p>
                    is a GSSAPI test client.
                  </p>
                </td>
              </tr>
              <tr>
                <td>
                  <p>
                    <a id="gss-server" name="gss-server"></a><span class=
                    "term"><span class=
                    "command"><strong>gss-server</strong></span></span>
                  </p>
                </td>
                <td>
                  <p>
                    is a GSSAPI test server.
                  </p>
                </td>
              </tr>
              <tr>
                <td>
                  <p>
                    <a id="k5srvutil" name="k5srvutil"></a><span class=
                    "term"><span class=
                    "command"><strong>k5srvutil</strong></span></span>
                  </p>
                </td>
                <td>
                  <p>
                    is a host keytable manipulation utility.
                  </p>
                </td>
              </tr>
              <tr>
                <td>
                  <p>
                    <a id="kadmin" name="kadmin"></a><span class=
                    "term"><span class=
                    "command"><strong>kadmin</strong></span></span>
                  </p>
                </td>
                <td>
                  <p>
                    is an utility used to make modifications to the Kerberos
                    database.
                  </p>
                </td>
              </tr>
              <tr>
                <td>
                  <p>
                    <a id="kadmin.local" name="kadmin.local"></a><span class=
                    "term"><span class=
                    "command"><strong>kadmin.local</strong></span></span>
                  </p>
                </td>
                <td>
                  <p>
                    is an utility similar to <span class=
                    "command"><strong>kadmin</strong></span>, but if the
                    database is db2, the local client <span class=
                    "command"><strong>kadmin.local</strong></span>, is
                    intended to run directly on the master KDC without
                    Kerberos authentication.
                  </p>
                </td>
              </tr>
              <tr>
                <td>
                  <p>
                    <a id="kadmind" name="kadmind"></a><span class=
                    "term"><span class=
                    "command"><strong>kadmind</strong></span></span>
                  </p>
                </td>
                <td>
                  <p>
                    is a server for administrative access to a Kerberos
                    database.
                  </p>
                </td>
              </tr>
              <tr>
                <td>
                  <p>
                    <a id="kdb5_ldap_util" name=
                    "kdb5_ldap_util"></a><span class="term"><span class=
                    "command"><strong>kdb5_ldap_util
                    (optional)</strong></span></span>
                  </p>
                </td>
                <td>
                  <p>
                    allows an administrator to manage realms, Kerberos
                    services and ticket policies.
                  </p>
                </td>
              </tr>
              <tr>
                <td>
                  <p>
                    <a id="kdb5_util" name="kdb5_util"></a><span class=
                    "term"><span class=
                    "command"><strong>kdb5_util</strong></span></span>
                  </p>
                </td>
                <td>
                  <p>
                    is the KDC database utility.
                  </p>
                </td>
              </tr>
              <tr>
                <td>
                  <p>
                    <a id="kdestroy" name="kdestroy"></a><span class=
                    "term"><span class=
                    "command"><strong>kdestroy</strong></span></span>
                  </p>
                </td>
                <td>
                  <p>
                    removes the current set of tickets.
                  </p>
                </td>
              </tr>
              <tr>
                <td>
                  <p>
                    <a id="kinit" name="kinit"></a><span class=
                    "term"><span class=
                    "command"><strong>kinit</strong></span></span>
                  </p>
                </td>
                <td>
                  <p>
                    is used to authenticate to the Kerberos server as a
                    principal and acquire a ticket granting ticket that can
                    later be used to obtain tickets for other services.
                  </p>
                </td>
              </tr>
              <tr>
                <td>
                  <p>
                    <a id="klist" name="klist"></a><span class=
                    "term"><span class=
                    "command"><strong>klist</strong></span></span>
                  </p>
                </td>
                <td>
                  <p>
                    reads and displays the current tickets in the credential
                    cache.
                  </p>
                </td>
              </tr>
              <tr>
                <td>
                  <p>
                    <a id="kpasswd" name="kpasswd"></a><span class=
                    "term"><span class=
                    "command"><strong>kpasswd</strong></span></span>
                  </p>
                </td>
                <td>
                  <p>
                    is a program for changing Kerberos 5 passwords.
                  </p>
                </td>
              </tr>
              <tr>
                <td>
                  <p>
                    <a id="kprop" name="kprop"></a><span class=
                    "term"><span class=
                    "command"><strong>kprop</strong></span></span>
                  </p>
                </td>
                <td>
                  <p>
                    takes a principal database in a specified format and
                    converts it into a stream of database records.
                  </p>
                </td>
              </tr>
              <tr>
                <td>
                  <p>
                    <a id="kpropd" name="kpropd"></a><span class=
                    "term"><span class=
                    "command"><strong>kpropd</strong></span></span>
                  </p>
                </td>
                <td>
                  <p>
                    receives a database sent by <span class=
                    "command"><strong>kprop</strong></span> and writes it as
                    a local database.
                  </p>
                </td>
              </tr>
              <tr>
                <td>
                  <p>
                    <a id="kproplog" name="kproplog"></a><span class=
                    "term"><span class=
                    "command"><strong>kproplog</strong></span></span>
                  </p>
                </td>
                <td>
                  <p>
                    displays the contents of the KDC database update log to
                    standard output.
                  </p>
                </td>
              </tr>
              <tr>
                <td>
                  <p>
                    <a id="krb5-config-prog2" name=
                    "krb5-config-prog2"></a><span class="term"><span class=
                    "command"><strong>krb5-config</strong></span></span>
                  </p>
                </td>
                <td>
                  <p>
                    gives information on how to link programs against
                    libraries.
                  </p>
                </td>
              </tr>
              <tr>
                <td>
                  <p>
                    <a id="krb5kdc" name="krb5kdc"></a><span class=
                    "term"><span class=
                    "command"><strong>krb5kdc</strong></span></span>
                  </p>
                </td>
                <td>
                  <p>
                    is the <span class="application">Kerberos 5</span>
                    server.
                  </p>
                </td>
              </tr>
              <tr>
                <td>
                  <p>
                    <a id="krb5-send-pr" name="krb5-send-pr"></a><span class=
                    "term"><span class=
                    "command"><strong>krb5-send-pr</strong></span></span>
                  </p>
                </td>
                <td>
                  <p>
                    sends a problem report (PR) to a central support site.
                  </p>
                </td>
              </tr>
              <tr>
                <td>
                  <p>
                    <a id="ksu" name="ksu"></a><span class=
                    "term"><span class="command"><strong>ksu</strong></span></span>
                  </p>
                </td>
                <td>
                  <p>
                    is the super user program using Kerberos protocol.
                    Requires a properly configured <code class=
                    "filename">/etc/shells</code> and <code class=
                    "filename">~/.k5login</code> containing principals
                    authorized to become super users.
                  </p>
                </td>
              </tr>
              <tr>
                <td>
                  <p>
                    <a id="kswitch" name="kswitch"></a><span class=
                    "term"><span class=
                    "command"><strong>kswitch</strong></span></span>
                  </p>
                </td>
                <td>
                  <p>
                    makes the specified credential cache the primary cache
                    for the collection, if a cache collection is available.
                  </p>
                </td>
              </tr>
              <tr>
                <td>
                  <p>
                    <a id="ktutil" name="ktutil"></a><span class=
                    "term"><span class=
                    "command"><strong>ktutil</strong></span></span>
                  </p>
                </td>
                <td>
                  <p>
                    is a program for managing Kerberos keytabs.
                  </p>
                </td>
              </tr>
              <tr>
                <td>
                  <p>
                    <a id="kvno" name="kvno"></a><span class=
                    "term"><span class=
                    "command"><strong>kvno</strong></span></span>
                  </p>
                </td>
                <td>
                  <p>
                    prints keyversion numbers of Kerberos principals.
                  </p>
                </td>
              </tr>
              <tr>
                <td>
                  <p>
                    <a id="sclient" name="sclient"></a><span class=
                    "term"><span class=
                    "command"><strong>sclient</strong></span></span>
                  </p>
                </td>
                <td>
                  <p>
                    is used to contact a sample server and authenticate to it
                    using Kerberos 5 tickets, then display the server's
                    response.
                  </p>
                </td>
              </tr>
              <tr>
                <td>
                  <p>
                    <a id="sim_client" name="sim_client"></a><span class=
                    "term"><span class=
                    "command"><strong>sim_client</strong></span></span>
                  </p>
                </td>
                <td>
                  <p>
                    is a simple UDP-based sample client program, for
                    demonstration.
                  </p>
                </td>
              </tr>
              <tr>
                <td>
                  <p>
                    <a id="sim_server" name="sim_server"></a><span class=
                    "term"><span class=
                    "command"><strong>sim_server</strong></span></span>
                  </p>
                </td>
                <td>
                  <p>
                    is a simple UDP-based server application, for
                    demonstration.
                  </p>
                </td>
              </tr>
              <tr>
                <td>
                  <p>
                    <a id="sserver" name="sserver"></a><span class=
                    "term"><span class=
                    "command"><strong>sserver</strong></span></span>
                  </p>
                </td>
                <td>
                  <p>
                    is the sample Kerberos 5 server.
                  </p>
                </td>
              </tr>
              <tr>
                <td>
                  <p>
                    <a id="uuclient" name="uuclient"></a><span class=
                    "term"><span class=
                    "command"><strong>uuclient</strong></span></span>
                  </p>
                </td>
                <td>
                  <p>
                    is another sample client.
                  </p>
                </td>
              </tr>
              <tr>
                <td>
                  <p>
                    <a id="uuserver" name="uuserver"></a><span class=
                    "term"><span class=
                    "command"><strong>uuserver</strong></span></span>
                  </p>
                </td>
                <td>
                  <p>
                    is another sample server.
                  </p>
                </td>
              </tr>
              <tr>
                <td>
                  <p>
                    <a id="libgssapi_krb5" name=
                    "libgssapi_krb5"></a><span class="term"><code class=
                    "filename">libgssapi_krb5.so</code></span>
                  </p>
                </td>
                <td>
                  <p>
                    contains the Generic Security Service Application
                    Programming Interface (GSSAPI) functions which provides
                    security services to callers in a generic fashion,
                    supportable with a range of underlying mechanisms and
                    technologies and hence allowing source-level portability
                    of applications to different environments.
                  </p>
                </td>
              </tr>
              <tr>
                <td>
                  <p>
                    <a id="libkadm5clnt" name="libkadm5clnt"></a><span class=
                    "term"><code class=
                    "filename">libkadm5clnt.so</code></span>
                  </p>
                </td>
                <td>
                  <p>
                    contains the administrative authentication and password
                    checking functions required by Kerberos 5 client-side
                    programs.
                  </p>
                </td>
              </tr>
              <tr>
                <td>
                  <p>
                    <a id="libkadm5srv" name="libkadm5srv"></a><span class=
                    "term"><code class=
                    "filename">libkadm5srv.so</code></span>
                  </p>
                </td>
                <td>
                  <p>
                    contains the administrative authentication and password
                    checking functions required by Kerberos 5 servers.
                  </p>
                </td>
              </tr>
              <tr>
                <td>
                  <p>
                    <a id="libkdb5" name="libkdb5"></a><span class=
                    "term"><code class="filename">libkdb5.so</code></span>
                  </p>
                </td>
                <td>
                  <p>
                    is a Kerberos 5 authentication/authorization database
                    access library.
                  </p>
                </td>
              </tr>
              <tr>
                <td>
                  <p>
                    <a id="libkrad" name="libkrad"></a><span class=
                    "term"><code class="filename">libkrad.so</code></span>
                  </p>
                </td>
                <td>
                  <p>
                    contains the internal support library for RADIUS
                    functionality.
                  </p>
                </td>
              </tr>
              <tr>
                <td>
                  <p>
                    <a id="libkrb5" name="libkrb5"></a><span class=
                    "term"><code class="filename">libkrb5.so</code></span>
                  </p>
                </td>
                <td>
                  <p>
                    is an all-purpose <span class="application">Kerberos
                    5</span> library.
                  </p>
                </td>
              </tr>
            </tbody>
          </table>
        </div>
      </div>
      <p class="updated">
        Last updated on 2020-02-18 14:50:03 -0800
      </p>
    </div>
    <div class="navfooter">
      <ul>
        <li class="prev">
          <a accesskey="p" href="libpwquality.html" title=
          "libpwquality-1.4.2">Prev</a>
          <p>
            libpwquality-1.4.2
          </p>
        </li>
        <li class="next">
          <a accesskey="n" href="nettle.html" title="Nettle-3.5.1">Next</a>
          <p>
            Nettle-3.5.1
          </p>
        </li>
        <li class="up">
          <a accesskey="u" href="security.html" title=
          "Chapter&nbsp;4.&nbsp;Security">Up</a>
        </li>
        <li class="home">
          <a accesskey="h" href="../index.html" title=
          "Beyond Linux� From Scratch     (System V Edition) - Version 9.1">Home</a>
        </li>
      </ul>
    </div>
  </body>
</html>
